On 2/26/20 5:22 AM, Luke via mailop wrote:
> 
> They also have no process in place for verifying From addresses. With
> their API, you can put whatever you want in the From field. Clearly not
> ideal, but they aren't unique in this regard. All in all, considering the
> amount of email SendGrid sends, the scale of the phishing problem is
> remarkably small.

I strongly disagree with this. I get the most blatant phishing messages,
sometimes sent to obvious role addresses, and reporting it as being
received at one address (out of several) has historically caused that
address to get listwashed while the mail continues to the others.

This morning I looked at a fraction of my inbound Sendgrid mail and
found these DMARC rejection failures:

---------------------------------------------------------------

Received: from dhl.com (unknown [104.152.185.247])
    by ismtpd0077p1mdw1.sendgrid.net (SG) with ESMTP id
WDd40e6kS0yDqUPUjLyFpg
From: dhlsen...@dhl.com
Subject: [Newsletters] DHL Shipment Successful : Air Waybill no 4449826931

Received: from wellsfargo.com
(ec2-3-12-148-177.us-east-2.compute.amazonaws.com [3.12.148.177])
    by ismtpd0039p1iad2.sendgrid.net (SG)
From: Wells Fargo <noreply-al...@wellsfargo.com>
Subject: Warning: Account Temporary Blocked

Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
    by ismtpd0001p1lon1.sendgrid.net (SG)
From: "Chase Online" <no-re...@alertsp.chase.com>
Subject: Your Online Informations are Outdated. Update Now

Received: from MTQzMTI5NzY (unknown [35.175.22.107]) by
ismtpd0011p1iad2.sendgrid.net (SG)
From: "supp...@chase.com" <ap...@prockish.com>
Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On
02/27/2020 [MAIL ID:4435446]

Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
    by ismtpd0004p1lon1.sendgrid.net (SG) with ESMTP id
Rmde0K91SFiqiUueuaNLbg
From: "Chase Online" <sm...@chaseonline.chase.com>
Subject: Online Alert.

---------------------------------------------------------------

And this is just the blatant phishing (there's much more non-phishing spam).

This is not the sign of a company that cares about phishing.

Adding a "will this message trigger a DMARC reject" filter on outgoing
mail would be trivial. Adding a filter that flags "@wellsfargo.com" and
other frequently phished domain names in the From header would be
trivial. Adding a filter that flags mail runs with a high percentage
sent to "support@", "info@", "sales@", and "billing@" would be trivial.

The fact that they haven't bothered with any of these things after years
of this tells you everything you need to know.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
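
The three outbound checks proposed in the message above, sketched as an added example (not part of the original post and not any provider's actual code). The function names, the watched-domain list, the threshold and the `DMARC_POLICY` table, which stands in for live `_dmarc` DNS lookups, are all assumptions, and the alignment test is a simplification of DMARC relaxed alignment.

```python
import re
from email.utils import parseaddr

# Constructed sample data; a real filter would query _dmarc.<domain> TXT records.
DMARC_POLICY = {"bank.example": "reject", "shop.example": "none"}
WATCHED_DOMAINS = {"bank.example"}           # frequently phished brands (hypothetical list)
ROLE_LOCALPARTS = {"support", "info", "sales", "billing"}
ROLE_RATIO_LIMIT = 0.5                       # hypothetical threshold for a mail run

def org_match(domain, candidates):
    """True if domain equals, or is a subdomain of, any candidate domain."""
    return any(domain == c or domain.endswith("." + c) for c in candidates)

def policy_for(domain):
    """Policy of the domain or its closest parent in the table (simplified lookup)."""
    labels = domain.split(".")
    for i in range(len(labels) - 1):
        policy = DMARC_POLICY.get(".".join(labels[i:]))
        if policy:
            return policy
    return None

def check_run(from_header, recipients, signing_domains):
    """Return flags for one outbound mail run.

    signing_domains: domains the sending customer has verified and can sign for.
    """
    flags = []
    _, addr = parseaddr(from_header)
    from_domain = addr.rpartition("@")[2].lower()
    # 1. Would the From domain's DMARC policy reject mail this customer cannot align?
    if not org_match(from_domain, signing_domains) and policy_for(from_domain) == "reject":
        flags.append("dmarc-reject")
    # 2. Watched brand anywhere in the From header, display name included.
    seen = [d.strip(".") for d in re.findall(r"@([a-z0-9.-]+)", from_header.lower())]
    if any(org_match(d, WATCHED_DOMAINS) and not org_match(d, signing_domains) for d in seen):
        flags.append("watched-brand")
    # 3. High share of role addresses among the recipients of the run.
    roles = sum(1 for r in recipients if r.partition("@")[0].lower() in ROLE_LOCALPARTS)
    if recipients and roles / len(recipients) > ROLE_RATIO_LIMIT:
        flags.append("role-heavy")
    return flags
```
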
